MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd9aec539578ec0df05b982043e0a033087c476b6a6b8142d6cbee9538b314f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd9aec539578ec0df05b982043e0a033087c476b6a6b8142d6cbee9538b314f1
SHA3-384 hash: 487ce960c3f38807b18aa3ce631403435bcf01c2d20edb7f3039ccd91e4a4771f0fc586875ff13458253de3612750187
SHA1 hash: f3b957cc9c36c817346126a9f29bddac410f8ad5
MD5 hash: 0bdeb683e3e46228f42d032b53f0aafe
humanhash: white-cat-nevada-arizona
File name:CUFUYO.arj
Download: download sample
Signature Formbook
Create hunting rule
File size:399'873 bytes
First seen:2021-04-01 07:21:28 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:pmg0tT+nmyYXp8TjlDSJQ6/G8KEQSsxlCMl:pT0t4YXwdU+8Kd7h
TLSH 6384230BDB5E16380F771291C9C50CA4A67EE608D6091AF27F1ECEF189B49D8439379D
Reporter abuse_ch
Tags:arj FormBook


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.tdm.com.pe
Sending IP: 148.102.57.235
From: Walter Cosme Castro <wcosme@tdm.com.pe>
Subject: RE: Urgente cotizar vibrador neumático a pistón.
Attachment: CUFUYO.arj (contains "CUFUYO.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd9aec539578ec0df05b982043e0a033087c476b6a6b8142d6cbee9538b314f1/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-04-01 07:22:08 UTC
AV detection:
5 of 47 (10.64%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3wnoyu4vpdwa34c3taqehyfagmehyr3lnjvycqwwzpxjkoftctyq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.40
Link:
https://yomi.yoroi.company/submissions/dd9aec539578ec0df05b982043e0a033087c476b6a6b8142d6cbee9538b314f1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

arj dd9aec539578ec0df05b982043e0a033087c476b6a6b8142d6cbee9538b314f1

(this sample)

Formbook

Executable exe 5b75380750244e31e48bad94f23649870af530cd9697aa9d6acd15891d30010c

  
Dropping
MD5 68e43bfcd9f9589acd63a72599757ff7
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5b75380750244e31e48bad94f23649870af530cd9697aa9d6acd15891d30010c

Comments